Navigant Research Blog

Back in September 2014 as the ITS World Congress gathered in Detroit, General Motors (GM) CEO Mary Barra announced that in 2016, a new Cadillac model would become available with the semi-autonomous Super Cruise system. With only a handful of weeks left in 2016, we now know that the Super Cruise will debut on Cadillac’s flagship CT6 sedan, but it won’t be arriving until sometime in 2017.

A lot has happened since that announcement, and GM has put a much greater emphasis on ensuring safety as a result of the massive ignition switch recall that began early in 2014. Those process changes have led to some significant upgrades to Super Cruise in an effort to avoid the issues caused by human interactions with Tesla’s similar AutoPilot driver assist system. Navigant Research’s Autonomous Vehicles report projects that by 2020, approximately 13 million vehicles with these so-called Level 2 automation systems will be sold annually.

Geofencing

In the process of evaluating the safety of Super Cruise, one of the key differences that GM has implemented is geofencing. Since Super Cruise is designed primarily as an advanced highway driving assist system for use on limited access roadways, GM is not relying on customers to understand where it does and does not function. Instead, the system will check the navigation map—if the vehicle isn’t on a suitable road, the driver will not be able to activate it. In contrast, Tesla’s operating instructions state that AutoPilot should only be used on divided, limited access roads, but there is nothing in the system to actively prevent a driver from using the system in an urban area or any other roadway that it’s not designed for.

Similarly, Tesla doesn’t really take measures to prevent operators from taking their attention away from the road. Countless videos have been posted by Tesla drivers as they take a nap, read, or even climb in the back seat while using AutoPilot. The research conducted by Bryan Reimer and the Advanced Vehicle Technology Consortium at the Massachusetts Institute of Technology reinforces the idea that even informed drivers will get distracted while using systems like AutoPilot or Volvo’s Pilot Assist.

Improving Safety

Cadillac is installing an active driver monitoring system in the CT6, which will include more prominent alerts if the operator does not remain engaged while using Super Cruise. If the driver does not respond, the car will pull to the side of the road and come to a safe stop.

GM safety engineers have also addressed the issue of the inevitable mechanical failure. When fully autonomous vehicles arrive, they will require systems that can maintain control during a failure mode until the vehicle is safely stopped. One of the key safety failure modes for a system like Super Cruise is the electrically assisted steering.

One of the optional features on the currently available CT6 without Super Cruise is the Active Chassis Package, which includes a rear-wheel steering system to aid low-speed maneuverability and high-speed stability. This rear steering system will be included on the CT6 with Super Cruise. While the rear steering is not designed to provide the same full maneuvering capability of the normal front steering, it will be sufficient to safely steer the car to the side of the road in the event of a front steering failure.

We won’t have an opportunity to fully evaluate the capabilities of Super Cruise until sometime next year, but it does inspire some confidence that GM is at least thinking about and trying to address both human and mechanical failure modes before putting the system into customer hands.

In February 2015, when word of Project Titan filtered down from Cupertino, California, Apple fans and the tech media instantly whipped themselves into a frenzy that has barely subsided since. However, if a new Bloomberg report is accurate, the never-announced Apple car is now all but dead.

For anyone that gave the premise of Apple building a car serious thought, including yours truly, the concept was always a long shot at best. There is a fundamental disconnect between the way Apple has operated for most of the past 2 decades and the auto industry. With a few rare exceptions like Porsche, automakers have long scraped by on notoriously thin, single-digit margins. Ever since Tim Cook joined Apple in 1998, the company has grown into the most profitable enterprise in the history of the world, with margins that regularly exceed 35%.

Along the way, Apple has created a string of hit products that built on its core competencies of computers and user experience. Building cars would have required several new sets of skills that were completely foreign to Apple. (That’s not to say that a company with $200 billion in the bank and an extremely capable leadership team couldn’t have developed or acquired the necessary skills.)

However, if there is one thing that many (although apparently not all) in Silicon Valley have learned from watching Tesla over the past dozen years, it is that building a car is orders of magnitude more difficult than building a messaging app or a smartphone. The complexities of the supply chain are vast, and the regulatory requirements are labyrinthine.

Automotive Transformation

However, Apple is coming at the automotive space at a time when we are on the verge of the biggest inflection since the Model T. As described in Navigant Research’s Transportation Outlook: 2025-2050 report, the autonomous car may be about to take over from the human driver, and we may be shifting from individual car ownership to on-demand mobility services.

To a degree, this would actually be a very good time for Apple to jump in. Apple is a company that likes to control the user experience, and offering an on-demand mobility service where it doesn’t have to sell individual vehicles might actually be a great fit. On the other hand, that same desire to provide a reliable, consistent experience may be working against the company, as we are on the bleeding edge of autonomous vehicles. Apple prefers to let others go first and then learn from their lessons. It didn’t build the first MP3 player, smartphone, or tablet, but instead waited to build devices that worked better. If Apple wants to enter the mobility business, it might be better off waiting a few years until more of the technical and legal hurdles have been overcome.

The Bloomberg report indicates that the company is pivoting toward providing a software platform for other automakers. This seems unlikely to be a successful strategy. The aforementioned desire for control clashes with automakers’ preference to provide a distinct user experience to customers, so if Apple offered an infotainment system beyond CarPlay, it is unlikely to be adopted. If the company were to offer an autonomous driving platform, it would be something that’s not consumer-facing and unlikely to appeal to Apple. The bigger automakers are all developing autonomous systems in-house, and the smaller brands are likely to go with the more experienced Tier One suppliers like Delphi or Continental that can offer a turnkey solution.

Only a fool would completely discount Apple in the transportation space or anything else it wanted to try—but holding your breath while waiting for the company’s automotive offering might prove just as foolish.

As engineers around the world work to make the self-driving car a practical reality, one of the biggest challenges still faced is how to precisely locate where those vehicles are in space at any moment in time. This is especially important in scenarios where the sensors can’t actually see the road—for example, when it is snowing. One potential approach to the problem would be to turn traffic signals, street lamps, and utility poles into beacons that could be used to more precisely triangulate position.

As outlined in Navigant Research’s Transportation Outlook: 2025-2050 report from 2Q 2016, a primary application of autonomous vehicles is likely to be providing autonomous mobility on-demand services in urban environments. As more of the world’s population moves into cities in the coming decades, those urban centers are likely to grow both out and up toward the sky. However, while skyscrapers allow more people to live in the same land mass, they also create problems for the satellite-based location systems such as the American GPS, Russian GLONASS, and European GALILEO.

As the low-power signals that are broadcast from satellite constellations bounce off buildings in urban canyons, errors are generated. Current generation systems only have about 5 meters of precision, which is fine for general navigation purposes, but inadequate for an autonomous vehicle that needs to make decisions about where it should be on a given road to make an upcoming turn.

Localized Systems

This is where a new localized position system could be beneficial. Go down the street in any developed city in the world and you will find poles sticking out of the ground every few hundred feet at most. These poles are owned and maintained by utilities, municipal lighting departments, telecommunications providers, and others that connect and power the modern world. Equipping these poles with wireless beacons could enable them to be used for much more precise geolocation than is currently possible.

In 2013, Apple introduced support for its iBeacon technology into the iPhone and iPad. Small beacons using Bluetooth low energy can be used to provide location indoors or out, enabling retailers to track where customers are lingering in stores and food vendors to deliver orders in crowded stadiums. Similar technology could be harnessed on the road to locate vehicles.

In early 2016, Ford conducted the first test of its autonomous Fusion prototypes on snow-covered roads at a Michigan test facility. The car was able to navigate by triangulating landmarks that had previously been mapped out using LIDAR. While this approach worked well enough when the test car was the only vehicle on the track, it could be problematic in a city where the same landmarks could be blocked from the LIDAR’s view by other vehicles or objects. An approach using location beacons would achieve a similar effect in combination with high definition maps while eliminating the line-of-sight problem.

Vehicle-to-Infrastructure

Equipping urban utility poles with beacons could provide the owners of these poles with the first step toward full vehicle-to-infrastructure communications and potentially a mechanism to deploy a variety of other revenue generating services. For example, vehicles equipped with cameras for either driver assist or autonomous systems could be used to gather data about available parking spaces. That could then be fed into a reservation system allowing drivers to find and pay for parking before arriving at the location. The data providers could then get a share of the revenue generated from that service.

The first deployments of these beacons could be done in the next few years as vehicle-to-external communications rolls out in new vehicles followed by 5G wireless systems in the early 2020s.

August 2016 brought a flurry of autonomous driving announcements from Delphi, nuTonomy, Ford, Velodyne, Volvo, Uber, Quanergy, and others. News about developments and deployment plans for self-driving vehicles came almost daily. A common thread was that the vehicles will be used as part of autonomous mobility on-demand (AMOD) services that require connectivity in addition to onboard sensing to function. However, something equally (if not more) important to implement before deploying any of these vehicles is beefing up the cyber security.

As the automotive world has raced over the last few years to transform itself into a mobility business, cyber security experts of both the white and black hat variety have also been advancing their own capabilities. In parallel with that, we’ve seen the launch of numerous startups focused on securing increasingly sophisticated vehicles from bad actors, including several based in Israel. Among them are Karamba Security, Argus Cyber Security, and TowerSec.

Hardened Telematics

With external connection points through telematics being the obvious starting point for any malicious attacker trying to infiltrate a vehicle, that’s also the first surface that needs to be hardened. “To provide protection, we have to think like hackers,” said David Barzilai, chairman and co-founder of Karamba. “There are two primary ways to hack a system like this, dropping malicious binary code into the electronic control unit [ECU] or in-memory attacks while the system is running.”

The so-called code-dropper approach involves rewriting some of the code that resides in the flash storage of an ECU with malicious code designed to do something never intended by the manufacturer. Karamba has devised an approach to prevent this that is very straightforward for the software engineers at an automaker to implement without having to change any of their own code.

When building binary files that ultimately get loaded into the ECU, the scripts include calls to the Karamba system to automatically include some of that company’s code. Karamba generates hashes (an encrypted alphanumeric string that uniquely represents the contents of a file) of all the factory binary files which are included. If someone tries to reprogram an ECU with a binary that doesn’t match the hash, it will be rejected.

In-Memory Attacks

Even if the original programming remains intact, in-memory attacks remain the most common attack vector. Control instructions and data get moved from the static flash storage to dynamic memory in order to run in real time. If an attacker manages to inject deliberately corrupted data into a memory address, it is possible to send the control flow off to an instruction never intended by the designers of the system. This is the sort of attack that can enable someone connecting through a vehicle’s telematics system to take control of safety-critical systems like the throttle, brakes, or steering.

Some security providers use heuristic analysis to look for anomalous behavior in real time and stop the activity. This approach creates rules with weighting and probability to detect anomalies based on previously unknown attacks and is utilized by most computer anti-malware programs. Since the in-vehicle electronics should never be running random unknown programs like a computer or smartphone, Karamba has taken a deterministic approach. During the software build, they analyze and map every possible instruction control flow. In the vehicle, any instruction call that doesn’t match the flow map immediately gets discarded, an approach that should not result in any false positives.

Navigant Research’s Autonomous Vehicles report projects that nearly 5 million autonomous vehicles will be sold in 2025, growing to more than 40 million in 2030. Harnessing the safety benefits of this technology requires every vehicle to be secure and resilient against cyber attacks.